DATA PROTECTION INFORMATION FOR POLYSCIENCE CULINARY DISTRIBUTORS AND BUSINESS PARTNERS
Effective: May 1, 2020
Following is an overview of the processing of your personal data, (if any and further referred to in this policy as simply “data”) and the resulting data protection rights in the context of our business relationship. Please forward this Data Protection Information to your respective employees who are involved in our business relationship or in any way participate in it. The processing of data may occur in connection with any operation such as the collection, recording, storage, organization, sorting, use, disclosure by transmission, linking and erasure.
- Who is responsible for processing your data?
Controller in the sense of Art. 4(7) of the General Data Protection Regulation (GDPR):
BRG Appliances Limited, Polyscience Culinary, Studio 3.2 Power Road Studios, 114 Power Road, London W4 5PY.
You can reach our Data Protection Officer by firstname.lastname@example.org.
- Where does your data come from and which data are processed?
We mainly process data which we receive directly from you in the context of our business relationship. These include:
- Business identification and contact details such as contact names, addresses, email-addresses and telephone numbers
- Order and sales data such as account and customer numbers
- Documentation of communications that occur as a part of our relationship
- Sociodemographic characteristics such as profession
- Tax data such as tax id numbers
- Location data such as required for orders or deliveries
In addition, we also receive your data from publicly accessible sources such as credit agencies or the internet. This data may include names and business addresses of managing directors and shareholders, data regarding your creditworthiness and payment histories.
For further information about our data processing, please contact us.
- What will your data be used for and what is the legal basis?
We process your data in accordance with the provisions of data protection law primarily to fulfil our contractual and legal obligations to you. In particular, we observe the principle of data minimization so that only the data specifically required for the relevant transaction or contract are processed.
- Collection and processing in the context of a business relationship
We collect and process your data as part of the acceptance and fulfilment of our business obligations to you (Art. 6(1)(b) GDPR). For example, we process your data in the context of contacting you to process and perform an order. By entering into a business relationship as an interested party, supplier or business partner, we will store your contact data as well as information about business processes and communication with you and process it at least for the duration of the business relationship.
- Processing on the basis of a legitimate interest
We also process your data to the extent required to safeguard our legitimate interests or those of a third party (Art. 6(1)(f) GDPR). We have a legitimate interest in processing the data for credit checks and to collect receivables, including in connection with mandates given to debt collection companies. We may also assign a claim and transfer data to the assignees to properly transfer the claim. We also process your data to the extent required for the assertion of legal claims, defence in legal disputes or the fulfilment of legal obligations.
- Processing on the basis of legal requirements
We process your data within the scope of legal obligations (Art. 6(1) (c) GDPR). These include the statutory requirements imposed by applicable tax codes. We also process your data within the scope of further legal obligations. For deliveries outside the EEA, your shipment data will be compared with the EU Terror Lists in accordance with the European Anti-Terror Regulations 2580/2001 and 881/2002.
- Processing on the basis of consent
If you consent to the processing of personal data for certain purposes (such as disclosure to third parties), the lawfulness of the processing follows from Art. 6(1)(a) GDPR. Consent can be revoked at any time with effect for the future. However, the revocation of consent does not affect the lawfulness of the processing prior to the revocation or with another legal basis.
If we process personal data on the basis of declarations of consent, we will inform the persons concerned separately of the intended data processing purposes at the time they give their consent.
- Will your data be passed on?
Within our company, only those departments or persons that need your data for the performance of their tasks (such as execution, processing, and coordination of business) are granted access to your data.
In addition, our service providers and contractors may receive data for the aforementioned processing purposes, provided they they maintain confidentiality and the transfer of data is based on one of the above-mentioned legal bases. Such service providers may include those providing IT services, logistics, postal services, assembly, telecommunications, tax consultancy etc. In all cases, the service providers and contractors receive only the data necessary and mandatory for the performance of their individual tasks. In addition, these service providers and contractors are required to grant strict data protection and confidentiality with respect to the data they receive from us.
Transfer of data to any other third party will occur only to the extent permitted or required by law, if you have consented to it or if we are authorized to provide such information. Under these conditions, recipients of your data may include:
- Public bodies and institutions (customs authorities, public prosecutors, police or other regulatory authorities, etc) in the presence of a legal or official obligation or permission (Art. 6(1)(c) or (f) GDPR).
- Authorities or other state institutions due to statutory provisions (Art. 6(1)(c))
Should we pass on data to service providers outside the EEA as part of our relationship, the transfer will generally take place only if the recipient (such as Switzerland) has been confirmed by the EU Commission as having an appropriate level of data protection or if other appropriate data protection guarantees are in place or if the transfer is necessary for the performance of the contract.
- How long are your data stored?
As soon as your data is no longer required for business purposes, it will be deleted unless you have given your consent for further storage or we have a legitimate interest in further storage such as commercial or tax obligations, for which the retention period may be up to ten years.
To the extent that we require data and documents as evidence for the assertion of, exercise of or defense against legal claims, we reserve the right to retain them subject to the respective limitation periods. This also applies to the assertion and processing of warranty and service claims. (Art. 6(1)(f) GDPR)
- What rights do you have?
You have the right to access the data stored by us (Art.15 GDPR), rectification (Art 16 GDPR), erasure (Art 17 GDPR), restriction of processing (Art 18 GDPR), data portability (Art 20 GDPR) and the right to object to processing (Art 21 GDPR).
- Your Questions Or Complaints
If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. If you are in the EEA and want to find contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
We reserve the right to adapt our Data Protection Information to changes in regulation or law.